Re: [Haskell-cafe] Idea for hackage feature

On 17 September 2010 10:12, Ben Millwood wrote:

On Fri, Sep 17, 2010 at 1:44 AM, Ivan Lazar Miljenovic wrote:

...

On 17 September 2010 03:18, Henning Thielemann

...

My suggestion is to move the Unsafe modules to a new package 'unsafe'. Then you can easily spot all "dirty" packages by looking at reverse dependencies of 'unsafe'.

Hooray, yet another supposedly stand-alone library that GHC will depend on and thus can't be upgraded anyway, so there's no real advantage of making it stand-alone (after all, doesn't base use unsafeInterleaveIO or something for lazy IO?).

Well, it's not like we plan on regularly fiddling that API :)

The clever thing about this suggestion is that most packages don't *export* equivalent power to unsafePerformIO even if they import it (inlinePerformIO from bytestring is a notable exception) so you can easily see from a library's *immediate* dependencies whether it could potentially do anything naughty or not. Also, it's implementable entirely with existing technology, although we'll probably want a major base version bump to remove the modules.

Couldn't that information be discovered by Hackage simply grepping the sources? Surely if all you want to know is if a package calls unsafePerformIO directly, that is the simplest way. Grepping would also find callers of inlinePerformIO, which would be far more useful than tainting every package that depends on bytestring just because it might call that function. Conrad. Conrad.